{"id":71952,"date":"2021-12-07T08:04:48","date_gmt":"2021-12-07T13:04:48","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=71952"},"modified":"2024-07-28T06:40:54","modified_gmt":"2024-07-28T06:40:54","slug":"what-how-and-where-open-source-gets-pulled-into-a-codebase","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/","title":{"rendered":"What, How, and Where Open-Source Gets Pulled into a Codebase"},"content":{"rendered":"<p>The vast majority of software developers in the industry today are paid to solve business problems. Regardless of whether they work for small independent software vendors or Fortune 500 companies, solving such problems is now one of their primary responsibilities. Given the time and the opportunity, many software developers would write as much functionality into their applications as they possibly could from scratch. However, that can be very time consuming: first, they have to debug and fix it, and then, they have to maintain it (or better yet, enhance it).<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">\n<a><\/a>Third-Party Extensions Are the Answer<\/h2>\n\n\n\n<p>To increase productivity and save a great deal of time, developers often use code written by third parties rather than rebuilding the same generic functionality across multiple applications. While there has always been a market for commercially licensed and supported extensions (including modules, packages, libraries, and frameworks), the vast majority of the third-party code used today is open-source. This means that there is no marketplace and no purchase order; rather, a few extra lines of someone else\u2019s code are simply imported into the software.<\/p>\n\n\n\n<p>This can cause problems with licensing and disclosure if it is not accurately tracked and monitored. That is why software composition analysis (SCA) products are worth their weight in gold. 
These solutions find all of the third-party packages that are in use, then identify the corresponding licenses. They can even show if they are out of date or if known security vulnerabilities have been reported against them.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">\n<a><\/a>It\u2019s All Based on Open-Source<\/h2>\n\n\n\n<p>Even the lowest level of an application stack (the language and runtime engine) is often open-source. The most popular languages in use these days are all open-source, or at least have open-source distributions. Go, Python, PHP, Ruby, and JavaScript are all open-source by default, and even languages that are traditionally commercially supported have open-source distributions like OpenJDK (for Java) and gcc (for C\/C++).<\/p>\n\n\n\n<p>After you\u2019ve chosen your language, you\u2019ll likely want to ensure that you have some structure in place so that you won\u2019t need to declare all the basic functionality like dependency management and data management. Well over half of all Java applications use the Spring framework as their starting point. PHP uses Laravel, while JavaScript uses React and Bootstrap, among others.<\/p>\n\n\n\n<p>Frameworks and languages form a solid foundation for any application, but the bulk of open source influence can be found in the staggering number of modules that are available as packages and libraries which can be easily integrated into applications.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">\n<a><\/a>How Easy Is It to Find Open-Source Modules and Libraries?<\/h2>\n\n\n\n<p>Any web search for any type of functionality will often return results that link to places like GitHub, GitLab, PyPI, and many other sites. So how do you find what you need?<\/p>\n\n\n\n<p>Let\u2019s say that you want to make a particular form a little more secure by including a CAPTCHA. 
If you don\u2019t know where to start, just head over to your favorite search engine and enter, \u201ccaptcha library for Python.\u201d In our case, the first result is an open-source library that can be installed via pip (pip is the standard utility used in the Python ecosystem to install modules).<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/Picture1-6.png\" alt=\"\" class=\"wp-image-94427\" style=\"width:724px;height:265px\"><\/figure>\n<\/div>\n\n\n<p>Installing this module is as simple as typing, \u201cpip install captcha.\u201d<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/Picture2-4.png\" alt=\"\" class=\"wp-image-94428\" style=\"width:728px;height:199px\"><\/figure>\n<\/div>\n\n\n<p>Now, with just a couple of lines of code, a whole new set of tested and proven functionality is added to the application in minutes.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>from captcha.image import ImageCaptcha\nimage = ImageCaptcha(fonts=&#91;'\/path\/A.ttf', '\/path\/B.ttf'])\ndata = image.generate('1234')\nimage.write('1234', 'out.png')<\/code><\/pre>\n\n\n\n<p>For another, more real-world example, let\u2019s say that you have a web application that needs to be able to pick a date from a calendar. To show you how to do this, we will use the jQuery library, which has a great deal of functionality and is easy to use.<\/p>\n\n\n\n<p>The first step is to add the jQuery modules to the web page in question. There are two stylesheets and two script files that need to be imported. These are added between the head tags. The next step is to define the datepicker function, which activates the appropriate pieces of the jQuery library. 
The final step is to define where to put it on the page using an input field.<\/p>\n\n\n\n<p>The code looks like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;!doctype html&gt;\n&lt;html lang=\"en\"&gt;\n&lt;head&gt;\n &lt;meta charset=\"utf-8\"&gt;\n &lt;meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"&gt;\n &lt;title&gt;jQuery UI Datepicker - Default functionality&lt;\/title&gt;\n &lt;link rel=\"stylesheet\" href=\"\/\/code.jquery.com\/ui\/1.12.1\/themes\/base\/jquery-ui.css\"&gt;\n &lt;link rel=\"stylesheet\" href=\"\/resources\/demos\/style.css\"&gt;\n &lt;script src=\"https:\/\/code.jquery.com\/jquery-1.12.4.js\"&gt;&lt;\/script&gt;\n &lt;script src=\"https:\/\/code.jquery.com\/ui\/1.12.1\/jquery-ui.js\"&gt;&lt;\/script&gt;\n &lt;script&gt;\n $( function() {\n   $( \"#datepicker\" ).datepicker();\n } );\n &lt;\/script&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n&lt;p&gt;Date: &lt;input type=\"text\" id=\"datepicker\"&gt;&lt;\/p&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;\n<\/code><\/pre>\n\n\n\n<p>The finished web page looks like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/Picture3-2.png\" alt=\"\" class=\"wp-image-94429\"><\/figure>\n\n\n\n<p>When you select the date input, it will present a calendar. You can stylize it, of course, but this example shows the simplicity that open-source libraries can provide:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/Picture4-2.png\" alt=\"\" class=\"wp-image-94430\"><\/figure>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">Conclusion<\/h2>\n\n\n\n<p>Without intentional effort, you will not find a single modern microservice or web site that doesn\u2019t have open-source somewhere in the components that it relies on or ships. 
The question isn\u2019t whether you can use open-source, but whether you have a full view of the open-source you are using. Different open-source licenses have different restrictions around distribution. GPL requires the disclosure of all source code, whereas Apache and BSD licenses simply require proper copyright attribution. This can determine which open-source libraries and modules you are able to include in a given application. <\/p>\n\n\n\n<p>In any case, rather than just trusting the development team to document everything they do (and we all know how much developers love to document things), a better and more viable long-term solution would be to build a pipeline to catch all of the open-source code early, before it could introduce known security vulnerabilities or licensing complications. Better yet, you could integrate SCA into your source code repository and let tools like <a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\" target=\"_blank\" rel=\"noreferrer noopener\">Checkmarx Software Composition Analysis do the heavy lifting for you.<\/a><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-full\"><img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/Picture5-1.jpg\" alt=\"\" class=\"wp-image-94431\"><\/figure>\n<\/div>\n\n\n<p><strong>Vince Power <\/strong>is an Enterprise Architect with a focus on digital transformation built with cloud-enabled technologies. He has extensive experience working with Agile development organizations delivering their applications and services using DevOps principles including security controls, identity management, and test automation. 
You can find @vincepower on Twitter.<\/p>\n\n\n\n<p><strong><span class=\"has-inline-color has-vivid-cyan-blue-color\">Download our Ultimate Guide to SCA <a href=\"https:\/\/info.checkmarx.com\/ultimate-guide-software-compositon-analysis-ebook\" target=\"_blank\" rel=\"noreferrer noopener\">Here<\/a><\/span><\/strong><a href=\"https:\/\/info.checkmarx.com\/ultimate-guide-software-compositon-analysis-ebook\" target=\"_blank\" rel=\"noreferrer noopener\"><span class=\"has-inline-color has-vivid-cyan-blue-color\">.<\/span><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/info.checkmarx.com\/ultimate-guide-software-compositon-analysis-ebook\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/Picture6-1.jpg\" alt=\"\" class=\"wp-image-94432\"><\/a><\/figure>","protected":false},"excerpt":{"rendered":"<p>The vast majority of software developers in the industry today are paid to solve business problems. Regardless of whether they work for small independent software vendors or Fortune 500 companies, solving such problems is now one of their primary responsibilities. 
Given the time and the opportunity, many software developers would write as much functionality into [&hellip;]<\/p>\n","protected":false},"author":15,"featured_media":71961,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[84],"tags":[190,188,178,179],"class_list":["post-71952","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-english","tag-open-source-security","tag-sca","tag-software-composition-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What, How, and Where Open-Source Gets Pulled into a Codebase - Checkmarx.com<\/title>\n<meta name=\"description\" content=\"While there has always been a market for commercially licensed and supported extensions (including modules, packages, libraries, and frameworks), the vast majority of the third-party code used today is open-source.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What, How, and Where Open-Source Gets Pulled into a Codebase\" \/>\n<meta property=\"og:description\" content=\"While there has always been a market for commercially licensed and supported extensions (including modules, packages, libraries, and frameworks), the vast majority of the third-party code used today is open-source.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta 
property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-07T13:04:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-28T06:40:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Stephen Gates\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"What, How, and Where Open-Source Gets Pulled into a Codebase\" \/>\n<meta name=\"twitter:description\" content=\"While there has always been a market for commercially licensed and supported extensions (including modules, packages, libraries, and frameworks), the vast majority of the third-party code used today is open-source.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Stephen Gates\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/\"},\"author\":{\"name\":\"Stephen Gates\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/1ea38abd0315d0956c3c9c173724345b\"},\"headline\":\"What, How, and Where Open-Source Gets Pulled into a Codebase\",\"datePublished\":\"2021-12-07T13:04:48+00:00\",\"dateModified\":\"2024-07-28T06:40:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/\"},\"wordCount\":963,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png\",\"keywords\":[\"English\",\"Open-Source Security\",\"SCA\",\"Software Composition Analysis\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/\",\"name\":\"What, How, and Where Open-Source Gets Pulled into a Codebase - 
Checkmarx.com\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png\",\"datePublished\":\"2021-12-07T13:04:48+00:00\",\"dateModified\":\"2024-07-28T06:40:54+00:00\",\"description\":\"While there has always been a market for commercially licensed and supported extensions (including modules, packages, libraries, and frameworks), the vast majority of the third-party code used today is open-source.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png\",\"width\":1024,\"height\":512},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. 
We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/1ea38abd0315d0956c3c9c173724345b\",\"name\":\"Stephen Gates\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_15.png\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_15.png\",\"caption\":\"Stephen Gates\"},\"url\":\"https:\/\/checkmarx.com\/author\/stephen\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"What, How, and Where Open-Source Gets Pulled into a Codebase - Checkmarx.com","description":"While there has always been a market for commercially licensed and supported extensions (including modules, packages, libraries, and frameworks), the vast majority of the third-party code used today is open-source.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/","og_locale":"en_US","og_type":"article","og_title":"What, How, and Where Open-Source Gets Pulled into a Codebase","og_description":"While there has always been a market for commercially licensed and supported extensions (including modules, packages, libraries, and frameworks), the vast majority of the third-party code used today is open-source.","og_url":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2021-12-07T13:04:48+00:00","article_modified_time":"2024-07-28T06:40:54+00:00","og_image":[{"width":1024,"height":512,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png","type":"image\/png"}],"author":"Stephen Gates","twitter_card":"summary_large_image","twitter_title":"What, How, and Where Open-Source Gets Pulled into a Codebase","twitter_description":"While there has always been a market for commercially licensed and supported extensions (including modules, packages, libraries, and frameworks), the vast majority of the third-party code used today is open-source.","twitter_image":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written 
by":"Stephen Gates","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/"},"author":{"name":"Stephen Gates","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/1ea38abd0315d0956c3c9c173724345b"},"headline":"What, How, and Where Open-Source Gets Pulled into a Codebase","datePublished":"2021-12-07T13:04:48+00:00","dateModified":"2024-07-28T06:40:54+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/"},"wordCount":963,"commentCount":0,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png","keywords":["English","Open-Source Security","SCA","Software Composition Analysis"],"articleSection":["Blog"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/","url":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/","name":"What, How, and Where Open-Source Gets Pulled into a Codebase - 
Checkmarx.com","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png","datePublished":"2021-12-07T13:04:48+00:00","dateModified":"2024-07-28T06:40:54+00:00","description":"While there has always been a market for commercially licensed and supported extensions (including modules, packages, libraries, and frameworks), the vast majority of the third-party code used today is open-source.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/what-how-and-where-open-source-gets-pulled-into-a-codebase\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2021\/12\/shutterstock_1997565722.png","width":1024,"height":512},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. 
We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/1ea38abd0315d0956c3c9c173724345b","name":"Stephen Gates","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_15.png","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_15.png","caption":"Stephen 
Gates"},"url":"https:\/\/checkmarx.com\/author\/stephen\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/71952","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=71952"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/71952\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/71961"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=71952"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=71952"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=71952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}